|Name||The name of the scope|
To optionally add the scope to a hierarchy, select a Parent scope. We recommend that under a hierarchy with limited scopes you should not select unlimited scopes (Use all enterprises and/or Use all datacenters)
|Allowed CIDRs||To optionally create a default list of network addresses from which users with this scope can access the platform, enter Allowed CIDRs. You can also set allowed CIDRs for a role. The user will inherit the role and scope CIDRs. Any allowed CIDRs set directly for the user will have priority over these inherited allowed CIDRs.|
|External scopes||Optional: Specify attributes of an external system to define the user groups that this scope should apply to. An example of external scopes could be an LDAP group for the user. Used in external authentication modes (e.g. openid, ldap). A user's external scopes must map to a single scope (local or global). See LDAP and Active Directory Integration and Abiquo OpenID Connect Integration|
Enterprises to use in the scope. To automatically include all existing and future enterprises, select the options to Use all enterprises.
If this is a user's administration scope, then the user can manage resources in the list of enterprises selected. If this is a resource scope, then users can access the resources if they belong to the enterprises that are part of the scope
|Datacenters||Select Datacenters to include in the scope. For scopes, datacenters can be private cloud datacenters and/or public cloud regions. To automatically include all existing and future datacenters, select the options to Use all datacenters. If this is a user's administration scope, then the user can manage resources in the list of datacenters selected. Resource scopes do not use the datacenters list|